Class: Flows

Class: Flows

Defined in: auth-server-ts/src/flows.ts:40

Aggregator of HTTP flows that don’t belong on the main AuthClient surface. One thin method per auth-server endpoint, all wired through the client’s Transport + SessionStore.

Endpoint map (verified against auth-server/internal/api/routes/routes.go):

• password reset / change → /auth/password/*
• email verification → /auth/verify-email*
• 2FA enroll / enable / off → /auth/2fa/*
• sessions list / terminate → /auth/sessions*
• my apps / my orgs → /me/apps, /me/orgs
• SSO providers / url / etc → /auth/sso/*
• admin → /admin/*, /auth/check-email, /auth/admin/set-password
• validate (server-side) → /auth/validate
• magic link → /auth/magic-link/*
• audit log → /admin/audit-log
• invitations (self-service) → /me/invitations*

Mirrors PHP’s Vendidit\AuthServer\Flows method-for-method.

Constructors

Constructor

new Flows(client): Flows

Defined in: auth-server-ts/src/flows.ts:41

Parameters

client

AuthClient

Returns

Flows

Properties

client

readonly client: AuthClient

Defined in: auth-server-ts/src/flows.ts:41

Methods

acceptInvitation()

acceptInvitation(invitationId): Promise<Record<string, unknown>>

Defined in: auth-server-ts/src/flows.ts:375

Parameters

invitationId

string

Returns

Promise<Record<string, unknown>>

---

adminSetPassword()

adminSetPassword(userId, newPassword, serviceToken?): Promise<void>

Defined in: auth-server-ts/src/flows.ts:290

Parameters

userId

string

newPassword

string

serviceToken?

string

Returns

Promise<void>

---

auditLog()

auditLog(query?): Promise<AuditLogResult>

Defined in: auth-server-ts/src/flows.ts:347

Parameters

query?

AuditLogQuery = {}

Returns

Promise<AuditLogResult>

---

changePassword()

changePassword(currentPassword, newPassword): Promise<void>

Defined in: auth-server-ts/src/flows.ts:59

Parameters

currentPassword

string

newPassword

string

Returns

Promise<void>

---

checkEmail()

checkEmail(email, serviceToken?): Promise<boolean>

Defined in: auth-server-ts/src/flows.ts:278

Parameters

email

string

serviceToken?

string

Returns

Promise<boolean>

---

clientCredentialsGrant()

clientCredentialsGrant(clientId, clientSecret, scopes?): Promise<ServiceTokenResponse>

Defined in: auth-server-ts/src/flows.ts:403

Exchange client credentials for a service-principal access token. Returns the raw ServiceTokenResponse.

Parameters

clientId

string

clientSecret

string

scopes?

string[] = []

Returns

Promise<ServiceTokenResponse>

---

completeSso()

completeSso(provider, code, state): Promise<AuthResponse>

Defined in: auth-server-ts/src/flows.ts:204

Step 2/3: complete the SSO callback. Handles both the PKCE branch (server returns auth_code, we exchange) and the non-PKCE branch (server returns user + tokens directly).

Parameters

provider

string

code

string

state

string

Returns

Promise<AuthResponse>

---

declineInvitation()

declineInvitation(invitationId): Promise<void>

Defined in: auth-server-ts/src/flows.ts:386

Parameters

invitationId

string

Returns

Promise<void>

---

disableTwoFactor()

disableTwoFactor(password, code): Promise<void>

Defined in: auth-server-ts/src/flows.ts:107

Parameters

password

string

code

string

Returns

Promise<void>

---

enableTwoFactor()

enableTwoFactor(code): Promise<void>

Defined in: auth-server-ts/src/flows.ts:96

Parameters

code

string

Returns

Promise<void>

---

hardDeleteUser()

hardDeleteUser(userId, reason): Promise<void>

Defined in: auth-server-ts/src/flows.ts:318

Parameters

userId

string

reason

string

Returns

Promise<void>

---

impersonate()

impersonate(targetUserId, reason): Promise<AuthResponse>

Defined in: auth-server-ts/src/flows.ts:305

Parameters

targetUserId

string

reason

string

Returns

Promise<AuthResponse>

---

listMyInvitations()

listMyInvitations(): Promise<{ invitations: InvitationRecord[]; }>

Defined in: auth-server-ts/src/flows.ts:364

Returns

Promise<{ invitations: InvitationRecord[]; }>

---

listSessions()

listSessions(): Promise<{ sessions: SessionRecord[]; }>

Defined in: auth-server-ts/src/flows.ts:120

Returns

Promise<{ sessions: SessionRecord[]; }>

---

lookupUsers()

lookupUsers(input, serviceToken?): Promise<{ users: LookupUserRecord[]; }>

Defined in: auth-server-ts/src/flows.ts:261

Bulk user lookup (admin chain — system_admin or super_admin).

Parameters

input

emails?

string[]

ids?

string[]

serviceToken?

string

Returns

Promise<{ users: LookupUserRecord[]; }>

---

myApps()

myApps(): Promise<Record<string, unknown>>

Defined in: auth-server-ts/src/flows.ts:144

Returns

Promise<Record<string, unknown>>

---

myOrgs()

myOrgs(): Promise<{ organizations: MyOrgRecord[]; }>

Defined in: auth-server-ts/src/flows.ts:149

Returns

Promise<{ organizations: MyOrgRecord[]; }>

---

registerPermissions()

registerPermissions(service, permissions, serviceToken?): Promise<Record<string, unknown>>

Defined in: auth-server-ts/src/flows.ts:330

Register this service’s permission catalog slice (system_admin only).

Parameters

service

string

permissions

PermissionManifestEntry[]

serviceToken?

string

Returns

Promise<Record<string, unknown>>

---

requestMagicLink()

requestMagicLink(email, appCode?): Promise<void>

Defined in: auth-server-ts/src/flows.ts:236

Parameters

email

string

appCode?

string

Returns

Promise<void>

---

requestPasswordReset()

requestPasswordReset(email, appCode?): Promise<void>

Defined in: auth-server-ts/src/flows.ts:45

Parameters

email

string

appCode?

string

Returns

Promise<void>

---

resendVerification()

resendVerification(email, appCode?): Promise<void>

Defined in: auth-server-ts/src/flows.ts:76

Parameters

email

string

appCode?

string

Returns

Promise<void>

---

resetPassword()

resetPassword(token, newPassword): Promise<void>

Defined in: auth-server-ts/src/flows.ts:52

Parameters

token

string

newPassword

string

Returns

Promise<void>

---

setupTwoFactor()

setupTwoFactor(): Promise<TwoFactorSetupResponse>

Defined in: auth-server-ts/src/flows.ts:85

Returns

Promise<TwoFactorSetupResponse>

---

ssoProviders()

ssoProviders(): Promise<{ providers: SsoProviderInfo[]; }>

Defined in: auth-server-ts/src/flows.ts:227

Returns

Promise<{ providers: SsoProviderInfo[]; }>

---

startSso()

startSso(opts): Promise<{ authUrl: string; codeVerifier: string; state: string; }>

Defined in: auth-server-ts/src/flows.ts:165

Step 1: get the provider auth URL. Stores a PKCE verifier per state.

Parameters

opts

inviteCode?

string

organizationId?

string

provider

string

redirectUrl

string

Returns

Promise<{ authUrl: string; codeVerifier: string; state: string; }>

---

terminateSession()

terminateSession(sessionId): Promise<void>

Defined in: auth-server-ts/src/flows.ts:131

Parameters

sessionId

string

Returns

Promise<void>

---

validateTokenRemote()

validateTokenRemote(token): Promise<Record<string, unknown>>

Defined in: auth-server-ts/src/flows.ts:254

Validate a token at the server (fallback when shared secret unavailable).

Parameters

token

string

Returns

Promise<Record<string, unknown>>

---

verifyEmail()

verifyEmail(token): Promise<void>

Defined in: auth-server-ts/src/flows.ts:72

Parameters

token

string

Returns

Promise<void>

---

verifyMagicLink()

verifyMagicLink(token): Promise<AuthResponse>

Defined in: auth-server-ts/src/flows.ts:243

Parameters

token

string

Returns

Promise<AuthResponse>